Hi, I want to change the default bits from 1024 to 2048 and the default digest from sha1 to sha256.

There seem to be inconsistencies in how the various apps handle the defaults:

- genrsa has a "#define DEFBITS 1024", you can't modify it in the config file.
- ca has:
      #define ENV_DEFAULT_MD "default_md"
  reads it from the config file which has:
      default_md = default # use public key default MD
  and so calls EVP_PKEY_get_default_digest_nid()
- req has both default_md and default_bits in the config file, with this in the default config file:
      default_bits = 1024
  And this in code:
      #define DEFAULT_KEY_LENGTH 512
  Since the config has no default md in it, it also ends up calling EVP_PKEY_get_default_digest_nid()

Would it make sense to let EVP_PKEY_get_default_digest_nid return sha256 by default, or would this cause problems?

For the default key lengths I think I'm going to change both the code and default config file. But I'm not sure if it would make sense to also make this a setting in the config file for all cases.

Kurt

______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager majord...@openssl.org
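
An added example, not part of the original message or of OpenSSL's code: a small Python check that scans openssl.cnf-style text for the defaults discussed in the message (a `default_bits` below 2048 in `[ req ]`, and a `default_md` that is sha1 or left to the public key default). The function names, the simplified parser and the sample config are assumptions made for illustration; the sample lines mirror the ones quoted in the message.

```python
import re

MIN_BITS = 2048                  # target key size from the message
WEAK_DIGESTS = {"md5", "sha1"}   # sha1 is the default the message wants to replace

# Constructed sample that mirrors the default config lines quoted in the message.
SAMPLE_CNF = """\
[ CA_default ]
default_md      = default               # use public key default MD

[ req ]
default_bits            = 1024
"""

def parse_cnf(text):
    """Parse openssl.cnf-style text into {section: {key: value}} (no $var expansion or .include)."""
    sections, current = {"default": {}}, "default"
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()     # simplification: '#' always starts a comment
        m = re.fullmatch(r"\[\s*(\S+)\s*\]", line)
        if m:
            current = m.group(1)
            sections.setdefault(current, {})
        elif "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            sections[current][key] = value
    return sections

def audit(text, sections_to_check=("req", "CA_default")):
    """Return (section, key, finding) tuples for weak or implicit defaults."""
    cfg, findings = parse_cnf(text), []
    for name, sec in ((n, cfg[n]) for n in sections_to_check if n in cfg):
        bits = sec.get("default_bits")
        if name == "req" and bits is None:      # only req is checked for key size
            findings.append((name, "default_bits", "unset, compiled-in default applies"))
        elif name == "req" and (not bits.isdigit() or int(bits) < MIN_BITS):
            findings.append((name, "default_bits", f"{bits} is below {MIN_BITS}"))
        md = sec.get("default_md", "default").lower()
        if md == "default":                     # falls back to the public key default digest
            findings.append((name, "default_md", "implicit, public key default digest applies"))
        elif md in WEAK_DIGESTS:
            findings.append((name, "default_md", f"{md} is weak"))
    return findings

if __name__ == "__main__":
    for section, key, finding in audit(SAMPLE_CNF):
        print(f"[{section}] {key}: {finding}")
```

The section names passed in `sections_to_check` are assumptions; pass whichever section names a given config actually uses.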